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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address » 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )£3 Responsive to communication(s) filed on 04 December 2001 . 
2a)D This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [>j] Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) IEI Claim(s) U24 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 04 Decmber 2001 is/are: a)G3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. §119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .0 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-24 have been examined. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

3. Claims 1-4, 8-11, 13-16 and 20-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bahlmann United States Letter Patent Number 6,487,594 further in 



Application/Control Number: 10/006,552 Page 3 

Art Unit: 2133 

view of Brownlie et al. (hereinafter Brownlie) United States Letter Patent Number . 
6,202,157. 

As per claims 1 and 13: 

Bahlmann teaches a method and system for determining and enforcing security 
policy in a communication session for a group of participants, the method comprising: 

providing group and local policies wherein each local policy states a set of local 
requirements for the session for a participant and the group policy represents a set of 
conditional, security-relevant requirements to support the session; (Col. 1, lines 59-63; 
Col. 2, lines 64-65) 

generating a policy instance based on the group and local policies wherein the 
policy instance defines a configuration of security-related services used to implement 
the session and rules used for authorization and access control of participants to the 
session; (Col. 2, lines 8-12 and lines 34-36) 

distributing the policy instance to the participants; (Col. 1, lines 64-67; Col. 3, 
lines 50-53) 

Bahlmann does not explicitly disclose analyzing the policy instance with respect 
to a set of correctness principles; and enforcing the security policy based on the rules 
throughout the session. 

Brownlie in analogous art, however, discloses analyzing the policy instance with 
respect to a set of correctness principles; (Col. 5, lines 31-38) and enforcing the security 
policy based on the rules throughout the session (Col. 5, lines 46-48). 
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Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method and system disclosed by 
Bahlmann to include analyzing the policy instance with respect to a set of correctness 
principles; and enforcing the security policy based on the rules throughout the session. 
This modification would have been obvious because a person having ordinary skill in 
the art would have been motivated to do so, as suggested by, Brownlie (Abstract) in 
order to provide variable security policy rule data for distribution to network node 
through central security policy rule data distribution source and enforce the policy rules. 
As per claims 2 and 14: 

Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of 
distributing includes the steps of authorizing a potential participant to participate in the 
session based on the rules and determining whether the potential participant has a right 
to view the security policy. (Col. 7, lines 8-15) 
As per claims 3 and 15: 

Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of analyzing 
verifies that the policy instance adheres to a set of principles defining legal construction 
and composition of the security policy. (Col. 5, lines 33-37) 
As per claims 4 and 16: 

Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of 
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generating includes the step of reconciling the group and local policies to obtain the 
policy instance which is substantially compliant with each of the local policies and 
wherein the policy instance identifies relevant requirements of the session and how the 
relevant requirements are mapped into the configuration. (Col. 2, lines 10-12; a central 
policy database operable with each of the regional policy databases for providing 
central definitions to the Internet servers.) 
As per claims 8 and 20: 

Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of enforcing 
includes the steps of creating and processing events and. (Col. 6, lines 33-55) 
As per claims 9 and 21: 

Bahlmann, Brownlie and Moriconi teach all the subject matter as discussed 
above. In addition, Brownlie further discloses a method and system wherein the step of 
enforcing includes delivering the events to security services via a real or software- 
emulated broadcast bus. (Col. 7, lines 58-64) 
As per claims 10 and 22: 

Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of creating 
events includes the step of translating application requests into the events. (Col. 6, lines 
33-55) 

As per claims 11 and 23: 
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Bahlmann and Brownlie teach all the subject matter as discussed above. In 
addition, Brownlie further discloses a method and system wherein the step of enforcing 
further includes the steps of creating and processing timers and messages. (Col. 7, 
lines 50-56) 

4. Claims 5-7, 12, 17-19 and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bahlmann United States Letter Patent Number 6,487,594 further in 
view of Brownlie et al. (hereinafter Brownlie) United States Letter Patent Number 
6,202,157 and further in view of Moriconi et al. (hereinafter Moriconi) United States 
Patent Number 6,158,010. 
As per claims 5 and 17: 

Bahlmann and Brownlie teach all the subject matter as discussed above. Both 
references do not explicitly disclose a method and system comprising verifying that the 
policy instance complies with the set of local requirements stated in the local policies. 

Moriconi in analogous art, however, discloses verifying that the policy instance 
complies with the set of local requirements stated in the local policies. (Col. 4, lines 20- 
24) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method and system disclosed by 
Bahlmann and Brownlie to include verifying that the policy instance complies with the 
set of local requirements stated in the local policies. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to 
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do so, as suggested by, Moriconi (Col. 3, lines 44-45) in order to protect distributed 
networks of enterprises against unauthorized access. 
As per claims 6 and 18: 

Bahlmann, Brownlie and Moriconi teach all the subject matter as discussed 
above. In addition, Brownlie further discloses a method and system comprising 
identifying parts of a local policy that are not compliant with the policy instance and 
determining modifications required to make the local policy compliant with the policy 
instance. (Col. 7, lines 41-49) 
As per claims 7 and 19: 

Bahlmann, Brownlie and Moriconi teach all the subject matter as discussed 
above. In addition, Brownlie further discloses a method and system comprising 
preventing a potential participant from participating in the session if the policy instance 
does not comply with the set of local requirements of the potential participant. (Col. 7, 
lines 12-14) 

As per claims 12 and 24: 

Bahlmann and Brownlie teach all the subject matter as discussed above. Both 
references do not explicitly disclose a method and system wherein the set of local 
requirements specifies provisioning and access control policies. 

Moriconi in analogous art, however, discloses a set of local requirements 
specifies provisioning and access control policies. (Col. 4, lines 28-33) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method and system disclosed by 
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Bahlmann and Brownlie to include a set of local requirements specifies provisioning and 
access control policies. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to do so, as suggested by, 
Moriconi (Abstract) in order to manage access to the securable components as 
specified by the local policy. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on 571-272-3819. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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